require 'digest/sha2'
require 'will_paginate'

class UsersController < ApplicationController
	
	before_filter :admin_authorize
  # GET /users
  # GET /users.xml
  def index
    @users = User.find(:all, :order => :username)

    respond_to do |format|
      format.html # index.html.erb
      format.xml  { render :xml => @users }
    end
  end
  
    # GET /users/1
    # GET /users/1.xml
    def show
       @user = User.find(session[:user_id])
       respond_to do |format|
        format.html # show.html.erb
        format.xml  { render :xml => @user }
      end
    end

  # GET /users/new
  # GET /users/new.xml
  def new
    @user = User.new
    respond_to do |format|
      format.html # new.html.erb
      format.xml  { render :xml => @user }
    end
  end

  # GET /users/1/edit
  def edit
    @user = User.find(params[:id])
  end

  # POST /users
  # POST /users.xml
  def create
    @user = User.new(params[:user])

    respond_to do |format|
      if @user.save
        flash[:notice] = "User #{@user.username} was successfully created."
        format.html { redirect_to(:action => :index) }
        format.xml  { render :xml => @user, :status => :created, :location => @user }
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

  # PUT /users/1
  # PUT /users/1.xml
  def update
    @user = User.find(params[:id])

    respond_to do |format|
      if @user.update_attributes(params[:user])
        flash[:notice] = "User #{@user.username} was successfully updated."
        format.html { redirect_to(:action => :index) }
        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

   # DELETE /users/1
  # DELETE /users/1.xml
   def destroy
     @user = User.find(params[:id])
     @user.destroy

     respond_to do |format|
       format.html { redirect_to(users_url) }
      format.xml  { head :ok }
     end
   end
   
   

#   def profile
#     @user = User.find(session[:id])
#   end
private

	def admin_authorize
  		if not session[:user_id] or not User.find_by_id(session[:user_id]).is_admin
  			flash[:notice] = "Nie masz prawa do przeglądania zawartości strony"
  			redirect_to :controller => :site, :action => :index
  		end
  	end

end

